Crowdstrike Falcon Intelligence - 16877 - New action added: Upload Ma…
…lware Sample | Updated SDK to the latest version (#2918)
igorski-r7 authored and rmurray-r7 committed Nov 5, 2024
1 parent b2bb4f5 commit 32116a6
Showing 44 changed files with 1,850 additions and 3,245 deletions.
26 changes: 15 additions & 11 deletions plugins/crowdstrike_falcon_intelligence/.CHECKSUM
@@ -1,39 +1,43 @@
{
"spec": "7c7b6f205e09b0c7f5deb31fe0f99610",
"manifest": "afec6aa4a72f7d5adfcaa33e693e49d4",
"setup": "5b4346fa75c78350298f5de8407d989b",
"spec": "bca05caa222aec0f714b712f496460c2",
"manifest": "afdb962b3049ec3c26e64bd74f3845f0",
"setup": "97a6c06a57546bbc57a253436e4ca559",
"schemas": [
{
"identifier": "checkAnalysisStatus/schema.py",
"hash": "b33491d2d597f6e98afc65a472df3cef"
"hash": "12fd58e742d161c70cc8ec7cda83757a"
},
{
"identifier": "downloadArtifact/schema.py",
"hash": "2ca7c6d488baaf4f6e20bf3f96dc694c"
"hash": "5ea60d06ef05140eaf3a1f01fd445e63"
},
{
"identifier": "getFullReport/schema.py",
"hash": "6e729794f718416ff53344586ef9cc78"
"hash": "035f4efe2488b60ac649df07bfac8313"
},
{
"identifier": "getReportsIDs/schema.py",
"hash": "2edc81eb0a7546bb0b9b14d0b985c5a5"
"hash": "b5636243ce257e3cb52f51f31d57868f"
},
{
"identifier": "getShortReport/schema.py",
"hash": "2f85634b911c8eabbdbcf6204f0a25c0"
"hash": "8fcd82d864a2a039734a5bc2336fb323"
},
{
"identifier": "getSubmissionsIDs/schema.py",
"hash": "b53506b55ad8003fd347bf0bc95ef19e"
"hash": "bcd8d0c7824a9f85c70f8cec4237614f"
},
{
"identifier": "submitAnalysis/schema.py",
"hash": "115798e956c58449ba2eef7a288ec95f"
"hash": "405eb43871561756ca0bdbd41af48058"
},
{
"identifier": "uploadMalwareSample/schema.py",
"hash": "dff311370f3503cc5b4d506ec0a4e8f3"
},
{
"identifier": "connection/schema.py",
"hash": "137057253a8e6ce38707b2ad62d4a4b0"
"hash": "39ebbb9d8b8ba4c668ea6b6986841962"
}
]
}
18 changes: 6 additions & 12 deletions plugins/crowdstrike_falcon_intelligence/Dockerfile
@@ -1,26 +1,20 @@
FROM rapid7/insightconnect-python-3-38-plugin:4
# Refer to the following documentation for available SDK parent images: https://komand.github.io/python/sdk.html#version
FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.1.4

LABEL organization=rapid7
LABEL sdk=python

# Add any custom package dependencies here
# NOTE: Add pip packages to requirements.txt

# End package dependencies

# Add source code
WORKDIR /python/src

ADD ./plugin.spec.yaml /plugin.spec.yaml
ADD . /python/src
ADD ./requirements.txt /python/src/requirements.txt

# Install pip dependencies
RUN if [ -f requirements.txt ]; then pip install -r requirements.txt; fi

# Install plugin
ADD . /python/src

RUN python setup.py build && python setup.py install

# User to run plugin code. The two supported users are: root, nobody
USER nobody

ENTRYPOINT ["/usr/local/bin/icon_crowdstrike_falcon_intelligence"]
ENTRYPOINT ["/usr/local/bin/icon_crowdstrike_falcon_intelligence"]
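Review bot: The new parent image is pinned by tag only (`rapid7/insightconnect-python-3-slim-plugin:6.1.4` on the `FROM` line), and a registry tag can be re-pointed after review, so a rebuild may pull different content than what was tested. Pinning the digest as well keeps the build tied to the reviewed image: `FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.1.4@sha256:<digest-of-reviewed-image>`. The added `ADD ./requirements.txt /python/src/requirements.txt` copies a plain local file, so `COPY` would be the narrower instruction here, since `ADD` also unpacks archives and fetches URLs. With `requirements.txt` now added explicitly, the `[ -f requirements.txt ]` guard in the following `RUN` no longer does anything, because the build already fails at `ADD` if the file is missing.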
@@ -1,12 +1,12 @@
#!/usr/bin/env python
# GENERATED BY KOMAND SDK - DO NOT EDIT
# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT
import os
import json
from sys import argv

Name = "CrowdStrike Falcon Intelligence"
Vendor = "rapid7"
Version = "1.0.0"
Version = "1.1.0"
Description = "CrowdStrike Falcon Intelligence is used to automatically investigate incidents and accelerate alert triage and response. Built into the Falcon Platform, it is operational in seconds"


Expand All @@ -23,7 +23,7 @@ def main():
monkey.patch_all()

import insightconnect_plugin_runtime
from icon_crowdstrike_falcon_intelligence import connection, actions, triggers
from icon_crowdstrike_falcon_intelligence import connection, actions, triggers, tasks

class ICONCrowdstrikeFalconIntelligence(insightconnect_plugin_runtime.Plugin):
def __init__(self):
Expand All @@ -34,20 +34,22 @@ def main():
description=Description,
connection=connection.Connection()
)
self.add_action(actions.CheckAnalysisStatus())

self.add_action(actions.DownloadArtifact())


self.add_action(actions.GetShortReport())

self.add_action(actions.GetFullReport())


self.add_action(actions.CheckAnalysisStatus())

self.add_action(actions.SubmitAnalysis())

self.add_action(actions.GetReportsIDs())

self.add_action(actions.GetShortReport())


self.add_action(actions.GetSubmissionsIDs())

self.add_action(actions.SubmitAnalysis())

self.add_action(actions.UploadMalwareSample())

"""Run plugin"""
cli = insightconnect_plugin_runtime.CLI(ICONCrowdstrikeFalconIntelligence())